Zimbra with Traefik as reverse proxy

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
yassine.laz
Posts: 1
Joined: Sun Aug 04, 2019 3:48 pm

Zimbra with Traefik as reverse proxy

Postby yassine.laz » Sun Aug 04, 2019 4:27 pm

Hey everyone,

Im trying to setup Zimbra behind Traefik (reverse proxy) and I want Traefik to handle SSL termination. Anything between Traefik and Zimbra should be in http and certificates are handles on Traefik's side.
Im testing locally with self-signed certificates generated with openssl under a "certs" folder.
hostname "email.domain.com" is also routed locally in /etc/hosts.

Here is my docker-compose.yml file:

Code: Select all

version: '3.5'

services:

  traefik:
    image: traefik:alpine
    command: --api --docker --logLevel=DEBUG
    ports:
      - "80:80"
      - "443:443"
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro 
      - ./traefik.toml:/traefik.toml
      - ./certs:/certs
    container_name: traefik

  zimbra:
    image: custom/zimbra
    build: .
    restart: always
    networks:
      - traefik
    hostname: email.domain.com
    ports:
      - 25:25
      - 465:465
      - 587:587
      - 110:110
      - 143:143
      - 993:993
      - 995:995
      - 8080:8080
      - 8443:8443
      - 7071:7071
      - 9071:9071
    dns:
      - 127.0.0.1
      - 8.8.8.8
    labels:
      - traefik.zimbra.frontend.rule=Host:email.domain.com
      - traefik.zimbra.port=8080
      - traefik.zimbra.protocol=http
      - traefik.zimbra-admin.frontend.rule=Host:admin.domain.com
      - traefik.zimbra-admin.port=7071
      - traefik.zimbra-admin.protocol=http
    environment:
      - "PASSWORD=zimbra-password"
    container_name: zimbra

networks:
  traefik:



I'm using a custom Dockerfile to address some issues during the setup:

Code: Select all

FROM jorgedlcruz/zimbra

RUN rm -r /var/lib/apt/lists/*
RUN mkdir /var/lib/apt/lists/partial
RUN apt-get update -y
RUN apt-get install -y software-properties-common
RUN apt-get install -y language-pack-en-base
RUN export LC_ALL=en_US.UTF-8 && export LANG=en_US.UTF-8

RUN apt-get update -y && apt-get install -y iputils-ping


Here is my traefik.toml config:

Code: Select all

InsecureSkipVerify = true
defaultEntryPoints = ["http","https"]

[entryPoints]

  [entryPoints.http]
    address = ":80"

  [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
    address = ":443"
   
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/certs/cert.crt"
      keyFile = "/certs/cert.key"



Within the container, I can curl 127.0.0.1:8080 and i get the adequate response. But accessing "email.domain.com" from the host renders a "Bad gateway" response.
Is there a way to debug this. Can SSL be disabled altogether in Zimbra? do I need to override Zimbra's internal nginx config?


Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 30 guests